Stay up to date on the latest risks, threats, and product vulnerabilities.

Our analysts and researchers unpack emerging vulnerabilities as they happen, to guide clients on how best to react and respond.

Aware of an incident impacting your organization? Let us know:

Report an incident

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

May 20, 2026

Critical Vulnerability Disclosed in Drupal (PSA-2026-05-18)

Update May 20th, 2026: Drupal recently updated their security advisory with additional technical details and an official CVE to reference a critical vulnerability in Drupal Core. Tracked as CVE-2026-9082, the flaw is due to an SQL injection vulnerability that can be reached through Drupal Core’s database extraction API and only affects deployments using PostgreSQL databases.

2026-05-20

May 14, 2026

Critical Vulnerability in Cisco Catalyst SD-WAN Controller Under Active Exploitation (CVE-2026-20182)

On May 14th, Cisco published an advisory detailing a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN controller infrastructure. The vulnerability, tracked as CVE-2026-20182, is a peering authentication bypass between SD-WAN infrastructure components and is similar to a vulnerability discovered 3 months prior. Active exploitation has been confirmed in the wild, and CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Line the vulnerability reported in late February, this flaw allows an unauthenticated attacker the ability to bypass authentication and create a rogue peer to a victim’s SD-WAN controller. Through creating a rogue peer, an attacker can advance to gain high privileged access into the ecosystem and manipulate configurations via NETCONF.

2026-05-14

May 14, 2026

Critical 18-Year-Old RCE Vulnerability in NGINX aka “NGINX Rift” (CVE-2026-42945)

On May 13th, 2026, F5 released an advisory regarding a flaw that under specific non-default conditions, could allow unauthenticated remote code execution (RCE) in NGINX Open Source and NGINX Plus. Tracked as CVE-2026-42945 and nicknamed “NGINX Rift”, the vulnerability stems from a heap buffer overflow in the ‘ngx_http_rewrite_module’ that has been present in the codebase since 2008.

2026-05-14

May 12, 2026

Critical Auth Bypass Vulnerability in FortiAuthenticator (CVE-2026-44277)

On May 12th, Fortinet publicly released a critical vulnerability affecting Fortinet FortiAuthenticator which handles Identity and Access Management (IAM) within some Fortinet architectures. The flaw is tracked as CVE-2026-44277 and classified as an improper access control vulnerability allowing unauthenticated attackers the ability to execute unauthorized code remotely.

2026-05-12

May 6, 2026

Critical Vulnerability in PaloAlto PAN-OS Authentication Portal (CVE-2026-0300)

On May 6th, Palo Alto Networks announced CVE-2026-0300, an authentication bypass vulnerability in their PAN-OS which allows an unauthenticated attacker to bypass authentication and remotely execute code as root on PAN-OS PA-Series and VM-Series firewalls.

2026-05-06

May 5, 2026

Critical Vulnerability in Apache HTTP Server Disclosed (CVE-2026-23918)

On May 4th, 2026 Apache released an advisory regarding a flaw that under certain conditions, could allow unauthenticated remote code execution (RCE) in Apache HTTP Server version 2.4.66. Tracked as CVE-2026-23918, the vulnerability stems from a memory corruption bug within the version’s implementation.

2026-05-05

April 30, 2026

Critical Vulnerability in Progress MOVEit Automation (CVE-2026-4670)

On April 30th, Progress Software published an alert bulletin regarding a critical vulnerability in their widely used file share product MOVEit Automation. The flaw, tracked as CVE-2026-4670, could allow unauthenticated, remote attackers access to affected systems.

2026-04-30

April 29, 2026

Critical Vulnerability in cPanel and WHM Under Active Exploitation (CVE-2026-41940)

On April 29th, cPanel published an emergency advisory concerning CVE-2026-41940, a security issue in “various authentication paths” in all supported versions of the cPanel software. cPanel provided security updates along with their public advisory. Well known hosting providers have confirmed that an exploit is already being used in-the-wild and some have taken the extreme step to firewall off access to the software until security patches could be deployed. Additionally, a few hours after the official cPanel advisory security researchers published a blog with details to produce proof-of-concept exploit code.

2026-04-29

April 13, 2026

Critical Remote Code Execution Vulnerability in FortiClient EMS Under Active Exploitation (CVE-2026-21643)

On April 13th, CISA added a critical remote code execution vulnerability in FortiClient Enterprise Management Server to its Known Exploited Vulnerability (KEV) database. The vulnerability is being tracked as CVE-2026-21643 and is under active exploitation.

2026-04-13

April 6, 2026

Critical Auth Bypass Vulnerability in FortiClient EMS Under Active Exploitation (CVE-2026-35616)

On April 6th, CISA added a critical remote code execution vulnerability in FortiClient Enterprise Management Server to its Known Exploited Vulnerability (KEV) database. The vulnerability is being tracked as CVE-2026-35616 and is under active exploitation.

2026-04-06

There are no available Alerts & Advisories matching the current filters.

Reset All

Suffering from an incident and need help?

Activate our IR Team

Prepare

Implement

Defend

Respond

Manage Risk

Beazley Insured

Featured Industries

Enabling readiness and resilience from pre-breach to remediation.

Bringing extensive experience to every engagement.

Nice to meet you. Find out more about our company here.

The latest insights and advisories from our team